The video surveillance caught the bad guys but a dragnet gets a pat on the back for 26,000 violations of privacy.
This is one good story however it is presented with a narrative that seeds unquestionable support for warrantless surveillance.
702 is on the horizon, what will we choose? Privacy or security. There is no such thing as both. In this well painted narrative the answer is simple. Security. What about other narratives though?
Damn, they asked Google to turn over IP addresses visiting specific URLs, Google refused, then they collected the data “from the Internet gateway” anyway? So TLS is just broken in India, and the “Internet gateway”, whichever hop that refers to, sees everything in clear text?
I am trying to understand how it is possible to filter all IP activity for such a (broad) search term. As opposed to say superbowl livestream.
They only looked at requests sent to YouTube? Doesn't YouTube use https by default?
Did they do a simple YouTube search for 'Tom and Jerry' note down the full URLs for first two pages of search results... and look for those in the ISP logs?
DNS lookups only show "www.youtube.com" but not the VideoID or full URL I presume. So ISPs must be logging all URLs being visited by all their users?
India's encryption laws require service providers to allow law enforcement to intercept, monitor and trace encrypted traffic. Encryption within India is limited by law to weak forms.
I don't know if it is actually implemented, but note it could be either of the two endpoints that could cooperate to allow decryption - client (browser) or server.
It is possible that Google is not allowed to operate in India unless they transmit all the keys to the government somehow. If they are forced to share the private key used for Youtube's certificates, that would allow effective MITM, or entirely passive surveillance if a non-ephemeral key suite is used. Google could also be required to send them every ephemeral key.
That's non-trivial to pull off without massive noise being generated by users. Even if you're able to somehow able to backdoor all domestic computers to install the government's root certificate, there's going to be a steady stream of complaints from foreigners coming in with their non-backdoored devices.
That means that either the government has a browser trusted root CA (which means they could spy on anyone in the world if they can MITM them), or they somehow force everyone in the country to install their trusted CAs.
> A police officer said that they searched for Tom and Jerry cartoons on YouTube and showed three or four of them to the child, who identified one particular cartoon. The URL of this cartoon was sent to the Cyber Cell.
Indeed, if I was in LE I would not give away my signature tells.
The argument is our course: is public safety more important than data privacy?
Nobody AFAICT is honestly running those numbers. Probably because it would require cross-agency number gathering and the end result is potentially that agencies lose some magic powers.
The "news" stories related to the incident are sensational. One claimed the Youtuber speaks perfect American English for a global audience but bribed an English exam center (necessary to migrate to a lucrative career in other countries) to pass. Damn exams dont capture her fluency which she demonstrates to a large global audience! Turns out she uses a computer generated voice.
This reminds me of the TOR service that tells you how unique your presence is on the network, based on a whole lot of things the browser reports.
Sometimes it'll be a single font that gives a person away, even when so many other bits of information are essentially the same.
It works pretty much exactly like how Akinator The Mind Reading Genie works. You narrow down by various yes and no answers, and get to the right answer, or a very close subset, surprisingly quickly.
What surprised me the most was 26,000 people watched Tom and Jerry between 7:30pm and 6:30am on some website. That’s a lot more than I would have expected.
Oh that's not the reason. Animation in general is seen as childish by the vast majority here in India, and a lot of people wouldn't even imagine that animation could be NSFW. Most folks wouldn't care less if the child was watching, say, Bojack Horseman (except any blatantly explicit scenes/words of course). Tom and Jerry is an easy reach, since the humor is more slapstick than verbal, and it's been around long enough that parents today have grown up watching it on TV. Most of the NSFW stuff in Spongebob is too subtle for the average uninterested Indian adult.
Basically, children's entertainment = animation = Tom and Jerry, more often than not. Urban 1%er parents tend to default to Peppa Pig.
It's sad that you feel like you have to preemptively defend yourself against criticism for implying children shouldn't be exposed to subversive or NSFW content.
I would assume the apology was for classifying SpongeBob as subversive or NSFW, which they likely don’t agree with (and it seems like you probably should have to defend your view if you do as it’s a pretty fringe PoV)
Youtube cartoons are the staple video content to slap onto a mobile or a tv to get toddlers to eat. Here in India, its scary how much parent neglect to engage with children and just put a cartoon and stuff foid into their mouth, while they themselves are busy on a call or fiddling with their phones.
Almost every toddler I have seen has an old broken phone as their own video player.
You got to do what you got to do otherwise you risk the kid going hungry or having a meltdown or both.
Being so black and white about sticking a video in front of a kid to make sure it sits in one place and eats is dismissive of parents who have to make these decisions in real time.
Do we know those kids don’t get play time with friends? Or down time to get bored and hence be forced to invent games in their own heads? We only see and opine on “bad” behaviour, not the what happens behind closed doors the remaining 23 hrs of the day when the kid is out of our line of sight.
Not sure if one meltdown is the mean or even the median for how much time a kid takes to learn how to sit in one place without being distracted.
In any case, it doesn’t matter a whit if the average is one meltdown if your kid has gone without two consecutive meals. All this theorising goes out the window when the third meal is coming up and you’re struggling to get a morsel inside your kid. How many consecutive meals are you willing to let your kid skip on principle?
Comparing what we did in the past, how we lived in the past, what worked two decades ago is basically useless.
Phones exist. On demand entertainment exists. Kids know it. You know it. You aren’t putting any genie back in the bottle by trying to explain to your kid that since you grew up without being amused into eating, they need to do that too.
Not in India, but I've seen parents here sit down at a restaurant table and shove a cell phone in front of a toddler the second they sit down. They don't allow the kid to even get bored, try to do other stuff or interact with the kid. In my experience, a 1-2-3 year old kid doesn't have the "cellphone have cartoons, gimme!" unless they've been educated to expect that.
Does that seem like a bad habit to impose on your kids + you not engaging with them? It does to me. Am I gonna call (the equivalent to) child services? No. Do I make other probably equally bad choices for my kids? Quite likely.
Tom and jerry is popular as it kept the kids engaged and since there's only action involved, anyone could watch it regardless of age, i remember seeing old people watching tom and jerry with joy, that's why the numbers are high.
I am guessing there must be some multiplier .. like hits to a CDN in parallel / pre-fetch a few seconds of video for each of the 10-20 videos on a search page.
Reminds me of the Maury Travis case. Documented in the Forensic Files episode "X Marks the Spot". "Shear Luck" is another memorable episode about a suspect who cut up a floppy disk containing evidence.
Edit: Just remembered the episodes "Ticker Tape" and "Hack Attack", which are of a similar theme.
The news story is bogus. Internet service providers can't see what webpage their clients are seeing because everything is HTTPS and there is no MITM from government here as one suggested in the comments. The only technical censorship in India is SNI based HTTPS website blocking and the HTTPS website blocks.
Another aspect to the same kidnapping drama -- the perpetrator was a YouTuber and her parents, apparently looking for ways to make up for losing income streams due to demonetized YouTube channel ...
This is one good story however it is presented with a narrative that seeds unquestionable support for warrantless surveillance.
702 is on the horizon, what will we choose? Privacy or security. There is no such thing as both. In this well painted narrative the answer is simple. Security. What about other narratives though?